yii2-admin 如何限制admin模块不能在地址栏里输入访问只有设置的超级管理员才可以设置

问题描述

我在使用yii2-admin rbac功能 ,发现无论用户登录与否,在地址栏中都可以输入连接地址访问 权限控制admin模块.

问题出现的环境背景及自己尝试过哪些方法

yii2.0 composer 安装的yii2-admin 模块

相关代码

// 请把代码文本粘贴到下方（请勿用图片代替代码）

return [

'id' => 'app-backend',
'basePath' => dirname(__DIR__),
'controllerNamespace' => 'backend\controllers',
'bootstrap' => ['log'],
  'modules' => [
  'admin' => [
      'class' => 'mdm\admin\Module',
   ],

],

'aliases' => [
    '@mdm/admin' => '@vendor/mdmsoft/yii2-admin',
],

'components' => [
    'request' => [
        'csrfParam' => '_csrf-backend',
    ],
    'user' => [
        'identityClass' => 'mdm\admin\models\User',
        'loginUrl' => '/admin/user/login',

        'enableAutoLogin' => true,
        'identityCookie' => ['name' => '_identity-backend', 'httpOnly' => true],
    ],
    'session' => [
        // this is the name of the session cookie used for login on the backend
        'name' => 'advanced-backend',
    ],
    'log' => [
        'traceLevel' => YII_DEBUG ? 3 : 0,
        'targets' => [
            [
                'class' => 'yii\log\FileTarget',
                'levels' => ['error', 'warning'],
            ],
        ],
    ],
    'errorHandler' => [
        'errorAction' => 'site/error',
    ],

    'authManager' => [
        'class' => 'yii\rbac\DbManager',

// 'defaultRoles' => ['guest'],

    ],

    'as access' => [
        'class' => 'mdm\admin\components\AccessControl',
        'allowActions' => [
            //这里是允许访问的action，不受权限控制

// 'site/login',
// controller/action

        ]
    ],

    'urlManager' => [
        'enablePrettyUrl' => true,
        'showScriptName' => false,
        'rules' => [
            [
                'class' => 'yii\rest\UrlRule',
                'controller' => 'site'
            ],
            [
                'class' => 'yii\rest\UrlRule',
                'controller' => 'user'
            ],
        ],
    ],

],
'params' => $params,

你期待的结果是什么？实际看到的错误信息又是什么？

希望只有超级管理员才可以访问和设置 rbac 相关的路由及分配功能